This version is still in development and is not considered stable yet. For the latest stable version, please use Spring Cloud Config 4.1.4!spring-doc.cn

Actuator and Security

Some platforms configure health checks or something similar and point to /actuator/health or other actuator endpoints. If actuator is not a dependency of config server, requests to /actuator/ would match the config server API /{application}/{label} possibly leaking secure information. Remember to add the spring-boot-starter-actuator dependency in this case and configure the users such that the user that makes calls to /actuator/ does not have access to the config server API at /{application}/{label}.